package com.spring.security.core.annotation;

import java.lang.reflect.Method;

import javax.servlet.http.HttpServletRequest;

import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import com.spera.shopoa.util.ShopOaSessionUtil;
import com.spring.security.web.model.BaseResult;

@Aspect
@Component
public class SpringOaRestPermission {
	@Pointcut("@annotation(com.spring.security.core.annotation.OaRestPermission)")
	public void oaRestPermission(){
	}
	
	@Around("oaRestPermission()")
	public Object aroundExec(ProceedingJoinPoint pjp) throws Throwable{
		MethodSignature ms=(MethodSignature) pjp.getSignature();
		Method method=ms.getMethod();
		
		RequestAttributes ra = RequestContextHolder.getRequestAttributes();  
	    ServletRequestAttributes sra = (ServletRequestAttributes)ra;  
	    HttpServletRequest request = sra.getRequest();  
		boolean ret = ShopOaSessionUtil.checkOaPriv(request,ShopOaSessionUtil.APPPATH+method.getAnnotation(OaRestPermission.class).value());
		
		if (ret) {
			try {
				return pjp.proceed();
			} catch (Throwable e) {
				BaseResult retM = new BaseResult("0","检测接口权限异常");
				return retM;
			}
		} else {
			BaseResult retM = new BaseResult("0","接口无权限");
			return retM;
		}
	}
}
